From: JonWienk@ix.netcom.com
Date: Sun, 28 Jul 1996 02:00:13 +0800
To: cypherpunks@toad.com
Subject: Publicly Verifiable Anonymous Voting System
Message-ID: <199607271553.IAA28911@dfw-ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


[Begin Rant]
As I write this, I am listening to the news coverage of the bombing in 
Centennial Park.  The ABC news reports are already linking the suspected Georgia 
Militia members accused of plotting to use pipe bombs at the Olympic Games.  
Just like OKC, the militia-gun owner-right-wing extremist smear is gearing up 
before the blood has a chance to dry.  On the other hand, the govt seems to be 
awfully reluctant to admit the obvious about TWA 800...
[End Rant]

Here is the how the voting system works.

1.  All voting information (public keys, ballots, ballot signatures, etc.) is 
publicly available via a Web site or other similar means, and can be downloaded 
in its entirety by anyone who cares to take the trouble to do so.  The software 
(and source code) used to generate ballots should be publicly available as well.

2.  When someone registers to vote, they submit a RSA public key to a registered 
voter key database.  The public key database does not contain voter information; 
only keys.  Access to the key entry terminals is controlled, so that only 
registered voters can submit keys.  A receipt is given to the voter with a hash 
of the key printed on it (PGP fingerprint style), the key entry clerk's name,  a 
receipt serial number, etc., so the voter can verify the correct key was put in 
the system, and who to shoot if it wasn't.

3.  On election day, each voter submits a ballot signed with their private key. 
The ballot contains the fingerprint of the voter's public key, the voter's 
choices, (preferably in a standardized ASCII format) and the digital signature. 
The ballot goes into the vote database regardless of whether it is valid or not. 
The voter receives a printed receipt confirming that the ballot was entered in 
the database, with a hash of the entire ballot (headers, signature, and all), 
receipt serial number, etc.

4.  After the election, each voter can verify whether their public key and 
ballot are in the database, and see whether their vote is deemed valid or not 
(if the signature on the ballot can be verified by a key in the key database). 
If there are any discrepancies, the voter has the public key, the ballot, and 
the receipts to prove that his vote should be counted.

5.  Since the key/vote databases are not connected to individuals, no one can 
connect votes to voters unless cheating occurs during the registration process. 
If there is fraud or other errors, the key/ballot/receipt combo is all that is 
necessary to prove the error--no identification of the bearer is required.

6.  Keys in the system should expire every few years.

Any comments / constructive criticisms welcome.

Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB